[Ksummit-2012-discuss] [ATTEND] ACPI, UEFI, kernel security
Jiri Kosina
jkosina at suse.cz
Wed Jun 27 17:24:20 UTC 2012
On Sat, 23 Jun 2012, Matthew Garrett wrote:
> > > Kexec kernels are going to have to be signed in the same way that
> > > modules are, but I suspect there's also some subtleties in the handover
> > > protocol.
> >
> > At least /sbin/kexec needs to be patched to verify the sign key?
>
> We can't trust userspace verification. The kernel needs to verify it as
> well.
When you are using crashkernel upon panic, which kernel will be the one
verifying the signature? The crashed (and therefore not really
trustworthy) one, or the newly kexeced one (i.e. it will have to verify
itself)?
Neither of the options seems particularly right to me.
Thanks,
--
Jiri Kosina
SUSE Labs